Privacy Notice

We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.

Who we are VAT Debt Advice is a trading style of Merchant Chambers

collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation that applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.

In the course of activities on our clients’ behalf we collect the following personal information when you provide it to us:

Who we share your personal information with

We routinely share your name and proposed address details with our third party suppliers, such as those who provide search information. For a list of our third party suppliers please contact us. This data sharing enables us to provide you with a high quality service and comply with our legal and regulatory obligations as follows:

Get in touch:

  • Email:
  • Phone: 0330 133 1228
  • Post: 427-431 London Rd, Sheffield S2 4HJ

Under data protection law a “data controller”:

  • is someone that makes decisions about how and why your information is used; and
  • has a duty to ensure that your rights are protected.

In this privacy policy “we”, “us” or “our” refers to the data controller as defined below.

Merchant Chambers will be the data controller save where:

  • you engage another company in the to provide services to you that company will be the data controller.  We will tell you which company this is in the engagement letter we send when you instruct us; or
  • you engage Merchant Chambers to provide insolvency services to you, the licensed insolvency practitioner who is handling your case will also be a data controller.  A list of our insolvency practitioners is included at the end of this privacy policy under the heading ‘Merchant Chambers’ We will tell you which insolvency practitioner is handling your case at the time that you engage us to provide insolvency services to you.

This privacy policy explains how and why we collect and use personal information, and what we do to ensure that it is kept private and secure. Your data is important to us and we hold it carefully.

Our business is constantly developing and improving to reflect that and any changes in law and regulation we may need to make changes to this privacy policy from time to time; you can see when it was last updated by checking the date at the bottom of this page. If you submit your personal details to us be sure to check back to this page to see if anything has changed.

  1. Collecting and using your information
      1. We collect the following information about you and use it in the following ways:
      2. If you engage us to provide you with services you will need to provide us with:
      3. your name and contact details (including email address, business or home address and phone number);
      4. proof of identity documents;
      5. financial information relating to your business (this may include bank account details and credit card details); and
      6. management, and other information relating to your business (including company books and records, company officers’ details and staff details) We will use this information to provide services to you or to comply with a legal duty (e.g. to complete money laundering checks).
      7. If you contact us to request information about us or our services or to make a complaint you will need to provide us with your name and contact details (including email address, business or home address and phone number).  We will use this information to answer your enquiry, send you the requested information or literature or to respond to your complaint.
      8. If you fill in a form on our website you will need to provide us with the information requested in the form marked as “required”, “mandatory” or similar.  We will use the information for the purposes described on the relevant form.
      9. If you are one of our business contacts (which may include tax advisers, solicitors or valuers) and we are working with you to provide services to a client we will collect information about you (including name, contact details and job title) in order to provide such services.
        1.If you contact us by telephone we may record call and retain copies of our conversations.  We will use such information for training and monitoring purposes.
        11.2. Before you disclose to us the personal information of another person, you must obtain that person’s consent to both the disclosure and the processing of that person’s personal information in accordance with this privacy policy.  By disclosing such person’s personal information to us you confirm that you have the necessary consents to do so.
  1. Sharing with third parties

12.1. We will keep information about you and any services we provide to you on computer systems and databases accessed and used by Merchant Chambers.

12.2. We will not share your information with any third parties except:

12.2.1. where we have your permission
12.2.2. where required in order to provide the services to you (for instance we may need to share your personal information with the Insolvency Service, Companies House, tax advisors, solicitors or valuers);
12.2.3. to our professional advisers for the purposes of obtaining professional advice or establishing , exercising or defending legal rights;
12.2.4. to our suppliers (for instance suppliers that provide us with IT services); or
12.2.5. where we are required by law and to law enforcement agencies, government entities, tax authorities or regulatory bodies.

12.3. We will not share your information with third parties for marketing or market research without your explicit consent.

  1. Promotional and marketing information

13.1. You can choose to receive promotional and marketing information from us by opting-in to such communications either by contacting us by using the contact details set out at the top of this page or via our website.  You can opt-out at any time by contacting us via any of the methods set out below.

13.2. We sometimes contact businesses and business contacts without their prior consent in order to promote our services and build relationships.  If we have contacted you it is because we think these communications may be of interest or relevance to you. You can opt-out at any time by contacting us via any of the methods set out below.

13.3. If you change your mind about how you would like to receive such information or you no longer wish to receive this information, you can tell us at any time:
13.3.2. by posting a letter to us including your full name, email address and the word “unsubscribe”; or
13.3.3. by clicking the “unsubscribe” link in the marketing emails you receive from us.

You can also contact us using these details if you wish to complain about a marketing communication you have received in error.

13.3.4. Our marketing communications are either sent directly by us or by us using the MailChimp email marketing platform based in the US (for more information about MailChimp please see the ‘International Transfers’ section below).

  1. Accessing your information and other enquiries

14.1. If you:

14.1.1. would like to find out what information we hold about you;
14.1.2. believe that any of the information that we hold about you is incomplete, inaccurate or out of date;
14.1.3. have any queries about how we use your information which you do not think are answered in this privacy policy; or
14.1.4. would like us to delete your information from our systems;

please contact us by using the contact details set out at the top of this page.

14.2. We will always try to respond to your request to your satisfaction however there may be situations where we are unable to do so (for example if we are required by law to keep your information).

14.3. If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you should contact the UK Information Commissioner’s Office, which oversees data protection compliance in the UK. Details of how to do this can be found at

  1. Keeping your information safe

15.1. We employ a variety of physical, technical and organisational measures to keep your information safe and to prevent unauthorised access to, or use or disclosure of it.  Electronic data and databases are stored on secure computer systems and we control who has access to them (using both physical and electronic means). Our staff receive data protection training and we have a set of detailed data protection procedures which personnel are required to follow when handling your information.

15.2. We cannot absolutely guarantee the security of the internet or external networks or your own device, accordingly any online communications (e.g. information provided by email or through our website) are at your own risk.

15.3. Where your case is managed through the ‘Client Portal’ you shall be responsible for keeping your user access information secure and confidential.

  1. How long will we keep your information? 

16.1. We will keep your information for as long as it is required for the purpose(s) we collected it for (or for a related compatible purpose).

16.2. We regularly review what data we have and delete that which is no longer necessary.

  1. Where will we keep your information?

17.1. Except as set out below, we will usually keep your information within the European Union (EU).  If we or one of our subcontractors (such as our IT service providers) need to transfer it outside of the EU then we will take steps to make sure adequate levels of privacy protection, in line with UK data protection law, are in place. These safeguards will usually be contractual and/or the result of a European Union decision which allows the transfer of your information (for example, a US organisation which is certified under the EU-US Privacy Shield framework).

17.2. We use MailChimp, an email services platform based in the US, to manage and send email communications.  If you receive emails powered by the MailChimp platform, this will mean your information has been transferred to the US.  However, MailChimp’s owner (the Rocket Science Group LLC) is certified under the EU-US Privacy Shield scheme, meaning it has taken steps to ensure your information is adequately protected.  You can learn more about MailChimp by visiting its privacy policy at If you would like to learn more about the Privacy Shield scheme please visit

  1. Cookies 

18.1. Our website may use “cookies” to provide essential functionality.

18.2. You have the ability to accept or decline cookies by modifying the settings on your web browser.  If you use different web browsers or different devices to access our website you will need to change the settings on each of your web browsers and devices.

18.3. If you disable some or all cookies you may not be able to access parts of our website and/or you may reduce the features and functionality of our website.

18.4. Cookies we use

Cookie Name






Cookie assoiated with sites using CloudFlare, used to speed up page load times. According to CloudFlare it is used to override any security restrictions based on the IP address the visitor is coming from. It does not contain any user identification information.

Strictly Necessary


Google Universal Analytics

This cookie name is asssociated with Google Universal Analytics – which is a significant update to Google’s more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners.



Google Universal Analytic

This cookie name is asssociated with Google Universal Analytics. This appears to be a new cookie and as of Spring 2018 no information is available from Google. It appears to store and update a unique value for each page visited.


__racnt, __racplx0, __rafm, __rasel0, __rasesh, __ratel0


Used to send data made from calls that have been made via the website




This cookie is associated with web analytics functionality and services from Hot Jar, a Malta based company. It uniquely identifies a visitor during a single browser session and indicates they are included in an audience sample.


  1. Google Adwords

18.4. Our website also uses Google’s AdWords remarketing service. This means that if you visit our website, you may see adverts for us then you visit other websites. This happens because Google places a cookie on your machine based on which pages you visit on our site, and then uses that cookie to show you relevant advertisements when you visit other sites. This remarketing process does not involve collecting or storing any of your personal data.

18.5. You can opt-out of Google’s use of cookies by visiting GOOGLE’S ADS SETTINGS. Alternatively, you can-opt out of Google and third-party cookies by visiting the NETWORK ADVERTISING INITIATIVE opt-out page.

  1. Google Analytics and Ruler Analytics

18.6. Our website uses two different tools to help analyse how users use the website; Google Analytics and Ruler Analytics. These analytical tools use ‘cookies’, which are text files placed on your computer, to collect standard internet log information and visitor behaviour information in an anonymous form. The information generated by the cookie about your use of our website (including your IP address) is transmitted to Google and Ruler Analytics. This information is then used to evaluate visitor use of the website and to compile statistical reports on website activity.

18.7. We will not (and will not allow any third party) to use the statistical analytics tools to track or to collect any personally identifiable information of visitors to our website. We will not associate any data gathered from this website with any personally identifiable information from any source as part of our use of the statistical analytics tools. Google and Ruler Analytics will not associate your IP address with any other data held by them. Neither we nor Google nor Ruler Analytics will link, or seek to link, an IP address with the identity of a computer user.

  1. Third party websites

Our website may contain links to third party websites. The privacy policy for those websites will be different to our privacy policy and you should read the applicable privacy policy before submitting information to any such third party.

This page was last updated 08/04/2019